QR Codes Advantages and Dangers

Krassie Petrova

, Adriana Romanello

, B. Dawn Medlin

and

Sandra A. Vannoy

Department of Computer Information Systems, School of Engineering, Computer and Mathematical Sciences,

Auckland University of Technology, Auckland, New Zealand

Department of Management, Universidad Rey Juan Carlos, Madrid, Spain

Department of Information Systems, Appalachian State University, Boone, U.S.A.

Department of Computer Information Systems, Appalachian State University, Boone, U.S.A.

Keywords: QR Codes, QR Characteristics, QR Advantages, QR Dangers.

Abstract: Quick Response (QR) codes are two dimensional (matrix) codes that have been developed in ways that allow

companies and individuals to sell or market their products, skills, and events quickly and easily. The code can

be used to represent data such as a web address or map location that can be scanned quickly by a mobile

device such as a smart phone. Tracking inventories and marketers were some of the first uses and users of QR

codes because of the ease of deployment and low development cost. The use has also grown quickly amongst

individual users who want to transfer information such as sending an invitation, providing details about an

event, or even announcing a baby’s birth. While there are many advantages in the use of QR codes, there is a

negative side that has resulted in end users discontinuing their use. Our paper discusses both the usefulness

of QR codes as well as the inconveniences and dangers that they may pose.

1 INTRODUCTION

The symbol known as a Quick Response (QR) code

is a two dimensional (matrix) that was introduced in

1994, initially as a means to track parts used in

automobile manufacturing in Denso Wave - one of

Japan’s Toyota group of companies (Brindha and

Gopikaarani, 2014). The patent was made available

for public use and an international standard was

approved by the International Standards organization

in 2000 and is regularly being updated (ISO, 2015).

Similarly to the original use of QR codes in the

automobile industry, QR codes can be used in a

number of areas as a means to support interaction in

controlled situations such as in education. Examples

include marking assessment (Bhaturkar and Bagde,

2014), providing formative feedback in class (Susono

and Shimomura, 2006), and protecting the integrity of

online examinations (Soman et al., 2013). In the

scenarios above the QR code is created by the

“controlling” central party (e.g., the teacher) and

distributed too many client users (students), either the

same to all, or personalized to a degree.

There are a number of commercial and free tools

that can be used by the central party to generate a QR

code (Wainwright, 2015). On the side of the client,

users need to have a device (mobile phone) that once

the code is made available, the device can read.

Second, there must be a means to decode it and obtain

the content – either by software that is pre-installed

on the client device (e. g., a suitable mobile

application), and/or by accessing a remote server to

obtain the content or the parts of it that may need user

authentication.

Compared to the linear (one-dimensional) bar

code the QR code has two major functional

advantages (Rouillard, 2008). First, due to the high

data-density of the encoding (approximately 100

times more than a bar code) a QR code can contain

significantly more information than a bar code while

occupying a comparable space slot (up to 7000

alphanumeric characters), and secondly, it is able to

support encoding of characters such as the ones used

in logographic and phonemic writing systems (e. g.,

Kanji and Kana).

This position paper acknowledges the advantages

of QR codes; however, the current environment of

hacking and identify theft has highlighted this symbol

(QR) as a means to capture information and to create

fraudulent activities. Additionally, dangerous and

malicious QR codes have been created to direct end

users to sites that contain malicious software among

112

Petrova, K., Romaniello, A., Medlin, B. and Vannoy, S.

QR Codes Advantages and Dangers.

DOI: 10.5220/0005993101120115

In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - Volume 2: ICE-B, pages 112-115

ISBN: 978-989-758-196-0

other types of destructive attacks.

2 CREATION OF QR CODES

QR codes can be created easily and cheaply, often at

no cost. If an individual does a search on the Internet

for a QR code creator, hundreds of links are found

that offer free applications.

These tools are simple to use as they allow the end

user to easily make selections to create the QR code.

The creator can select where the QR takes the reader.

It can be to a URL, phone number, SMS, text, maps

or other locations.

Attributes that may be set within the code include

the size of the QR code, such as S: One square inch (a

perfect size for your business card), and as well as its

color.

As an example, the QR code below was created

using QRStuff.com, a free tool that links you to the

website of Appalachian State University.

Figure 1: QR code to Appalachian State University.

Creation of QR codes are continually being

developed with new inclusions of symbols and

different shapes, but issues have arisen such as errors

around the decoding process. But there have been

successes.

A novel image blending method of improving the

QR code visual significance for marketing purposes

is proposed by Baharav and Kakarala (2013); it

improves QR code aesthetics and visual significance

by embedding images such as brand logos in full

colour, without a negatively impacting the error

correction. Furthermore, (Lin et al., 2013a) proposed

a systematic QR code beautification framework that

allows an individual user to personalize the QR code

they create (for example a QR code containing

contact details meant to be to be printed on a business

card) by selecting visually meaningful patterns.

3 QR CODE ADOPTION

Despite the promising opportunities QR code use by

individuals is not widely spread worldwide except for

Japan and Korea (Sasaki et al., 2007, Rouillard, 2008)

but was well established in Japan and in Korea (Ryu

and Murdock, 2013, Sago, 2011). More specifically

Sago (2011) found that the participants in their

research (college students) did not fully understand

how QR codes worked and were not sure whether

their mobile phones could read them; therefore, they

were not interested in reading a QR code when seeing

one. However participants who showed interest in QR

codes were highly likely to use them in the future.

Similar results were obtained in more recent work

(Ozkaya et al., 2015, Lo, 2014) which also found that

even individuals who considered themselves

innovative were not very likely to use QR codes.

The findings in these studies and also in Okazaki

et al. (2012) and Jung et al. (2012) indicated that the

perceived usefulness and ease of use of QR code as

well as perceived attractiveness may influence

positively user attitude towards QR codes; a

relationship between the type of product being

marketed and expected QR use was identified by

Narang et al. (2012).

Addressing in part the noticeable lack of increase

in customer adoption of QR use, current advances in

QR development has focused on improving their

appeal. A novel image blending method of improving

the QR code visual significance for marketing

purposes is proposed by Baharav and Kakarala

(2013); it improves QR code aesthetics and visual

significance by embedding images such as brand

logos in full colour, without a negative impact the

error correction. Furthermore (Lin et al., 2013a)

propose a systematic QR code beautification

framework that allows an individual user to

personalize the QR code they create (for example a

QR code containing contact details meant to be to be

printed on a business card) by selecting visually

meaningful patterns.

Unfortunately, all of these advances to make QR

codes more appealing to end users may make them

more appealing to hackers and those that want to use

them in harmful and menacing ways.

4 ADVANTAGES OF QR CODES

There are a number of other use contexts that involve

creating as well using QR codes by individuals as a

tool to transfer information as described by

Narayanan (2012). Examples include encoding

personal details in a QR code for others to scan and

decode on their devices or scanning someone’s QR

code to load their details on the reader’s phone (i.e.,

using the QR code as a machine readable personal

card), sending and receiving invitations (i.e.,

QR Codes Advantages and Dangers

113

encoding detail about an event including location in a

QR code which can be posted on Web pages, or

printed in other media, to be scanned by people who

want to obtain the invitation).

As an overview of advantages, they include the

following:

• Can decide the action you want the customer

to take.

• Follow ISO standards.

• Completely measureable.

• Instant information available to consumers.

• Reduces reprints of advertising materials, and

• Is an established marketing tool.

These advantages and ease of use of QR codes

have found new adopters. New adopters, and all users

may not be aware that cyber criminals use these same

applications to introduce “malicious QR codes.”

5 DANGERS OF QR CODES

The ease with which one can create and distribute QR

codes has not only attracted businesses, but the

criminal element as well. QR Codes, like many other

mobile applications, have been developed with little

forethought to security. While most of us will think

twice about opening a questionable email or visiting

an uncertain website, we often have no qualms about

scanning a QR code. Most people are unaware that

scanning an unknown QR code offers serious security

concerns. While the QR code itself isn’t dangerous,

there is no opportunity to evaluate the site it will lead

you to such as the case with an email or website. If

the barcode application displays the URL, an

observant user may notice a suspicious-looking URL.

However, URL shorteners can make it more difficult

for users to evaluate the legitimacy of a URL (Vidas

et al., 2012). Typically, the end user reads the code

without evaluating risks, and then suffers the

consequences if there are security problems.

It is quite easy for a sticker to be printed

containing a malicious QR code and then attached

over the legitimate code, a type of attack that is

known as attagging. QR codes are the perfect vehicle

for malicious attacks, facilitating phishing

(QRishing) attacks and redirecting users to malicious

websites that host viruses, worms, and Trojans (Jain

and Shanbhag, 2012). Malicious embedded URLs

can lead to malware being installed on mobile devices

and result in the loss of sensitive personal data and

even damage to software and hardware (Narayanan,

2012).

When a user takes a photo of a QR code, the link

it stores is first displayed on the device’s screen;

however, cybercriminals also use URL shortening

services (such as bit.ly and others) to disguise the

ultimate address stored in the QR code which may

lead to a page with malware that steals the user’s

credentials or to a phishing site (Malenkovich, 2015).

QR codes are seen in magazines, on billboards,

and on storefronts. They seem to be anywhere and

everywhere. Because of the unique ability of QR

codes to bridge the gap between virtual reality and

actual reality, many consumers forget that QR codes

pose the same dangers as emails and websites that can

have the ability to capture personal information.

The general design of QR codes makes it

impossible to distinguish one from another with the

human eye, meaning that anyone can replace

legitimate codes with an illegitimate one using a sheet

of QR coded stickers. In Russia, cybercriminals used

imposter QR codes to siphon cash and personal

information from hundreds of smartphone owners in

2011 and were refining their methods to dupe even

more users.

6 RECOMMENDATIONS

Several recommendations can be made with regard to

security and QR code scanning. For example,

companies such as Norton are developing products to

help combat security issues around QR code. QR

code reader Norton Snap verifies the safety of

websites before they are allowed to load on your

mobile device. When the QR code is read, the

website’s safety rating is checked and the application

will block any suspicious sites. It also allows the user

to view the URL. QR Pal, another secure QR code

reader, utilizes SafeScan, a built-in fraud prevention

technology, to alert the end user when it detects

fraudulent activity associated with a scan. It is

recommended that only QR code readers that allow

evaluation of the URL before directing the user to a

site should be used.

As QR codes often lead to virus-infected sites, the

mobile user should always use an antivirus app. But

this is also an issue as smart phone users do not

generally adopt security measures such as the use of

anti-virus apps. Mobile devices are particularly

susceptible to viruses, and should be actively

protected. The most effective security measure is to

carefully evaluate a QR code before scanning. Only

scan codes from trusted sources. For example, while

scanning a QR code in a magazine should be

relatively secure, scanning a code on a handmade

ICE-B 2016 - International Conference on e-Business

114

flyer would not be wise. Additionally, before

scanning a code from a public venue, it would be wise

to simply feel the code to ensure that it is not a sticker,

which could indicate a security risk (“Scanning QR

Codes: Be safe”).

7 CONCLUSIONS

The general design of a QR code makes it easy and

cheap to create, as well as impossible to identify as a

“good” QR code versus a “harmful” one. But there

are steps that companies and individuals must assume

before simply scanning a random QR code and

trusting that it will not introduce malicious code or do

harm rather than good. Simply put, end users should

never trust any QR code and be suspicious and alert

to where any QR code may take them.

REFERENCES

Baharav, Z. & Kakarala, A, R. 2013. Visually significant

QR codes: Image blending and statistical analysis.

Multimedia and Expo (ICME), 2013 IEEE

International Conference on, 2013. IEEE, 1-6.

Bhaturkar, K. P. & Bagde, K. G. 2014. QR code based

digitized marksheet. International Journal of

Management, IT and Engineering, 4, 57.

Brindha, G. & Gopikaarani, N, 2014. Secure banking using

QR code.

ISO .2015. Available: http://www.iso.org/iso/catalogue_

detail?csnumber=43655 [Accessed 1 March 2016].

Jain, A. K., & Shanbhag, D,2012. Addressing security and

privacy risks in mobile applications. IT Professional,

(5), 28-33.

Jung, J.-H., Somerstein, R. & Kwon, E. S., 2012. Should i

scan or should i go?: Young consumers'motivations for

scanning qr code advertising. International Journal of

Mobile Marketing, 7.

Lin, Y.-H., Chang, Y.-P. & Wu, J.-L., 2013a. Appearance-

based QR code beautifier. Multimedia, IEEE

Transactions on, 15, 2198-2207.

Lo, H., 2014. Quick response codes around us: Personality

traits, attitudes toward innovation, and acceptance.

Journal of Electronic Commerce Research, 15, 35-39.

Malenkovich, 2015. Retrieved from https://blog.

kaspersky.com/qr-codes-convenient-dangerous/1115/

on April 8, 2015.

Moore, R., Lopes, J., 1999. Paper templates. In

TEMPLATE’06, 1st International Conference on

Template Production. SCITEPRESS.

Narang, S., Jain, V. & Roy, S. 2012. Effect of QR codes on

consumer attitudes. International Journal of Mobile

Marketing, 7, 52-64.

Narayanan, S. (2012), QR Codes and Security Solutions.

International Journal of Computer Science and

Telecommunications, 3(7), 69-72.

Okazaki, S., Li, H. & Hirose, M., 2012. Benchmarking the

use of QR code in mobile promotion. Journal of

Advertising Research, 52, 102-117.

Ozkaya, E., Ozkaya, H. E., Roxas, J., Bryant, F. & Whitson,

D., 2015. Factors affecting consumer usage of QR

codes. Journal of Direct, Data and Digital Marketing

Practice, 16, 209-224.

Rouillard, J., 2008. Contextual QR Codes. Proceedings of

the Third International Multi-Conference on

Computing in the Global Information Technology

(ICCGI 2008). IEEE.

Ryu, J. S. & Murdock, K. 2013., Consumer acceptance of

mobile marketing communications using the QR code.

Journal of Direct, Data and Digital Marketing

Practice, 15, 111-124.

Sago, B., 2011. The usage level and Effectiveness of Quick

Response (QR) codes for integrated marketing

communication purposes among college students.

International Journal of Integrated Marketing

Communications, 3, 7-17.

Sasaki, J., Shimomukai, H., Yoneda, T. & Funyu, Y., 2007.

Development of Designed QR Code. Frontiers in

Artificial Intelligence and Applications, 154, 290.

“Scanning QR Codes: Be Safe.” Retrieved from

http://beqrioustracker.com/scanning-qr-codes-be-safe/

on April 8, 2016.

Soman, N., Shelke, U. & Patel, S., 2013. Automated

Examination Using QR Code. International Journal of

Engineering and Advanced Technology, 2,

622-627.

Susono, H. & Shimomura, T., 2006. Using mobile phones

and QR codes for formative class assessment. Current

developments in technology-assisted education, 2,

1006-1010.

Vidas, T., Owusu, E., Wang, S., Zeng, C., Cranor, L, 2012

QRishing: The Susceptibility of Smartphone Users to

QR Code Phishing Attacks. CyLab: Carnegie Mellon

University, 12 pgs.

Wainwright, C., 2015. How to make a QR code in 4 quick

steps [Online]. Available: http://blog.hubspot.com/

blog/tabid/6307/bid/29449/How-to-Create-a-QR-

Code-in-4-Quick-Steps.aspx [Accessed 1 March 2016].

Zhou, Y. & Jiang, X., 2012. "Dissecting Android Malware:

Characterization and Evolution," 2012 IEEE

Symposium on Security and Privacy, San Francisco,

CA, pp. 95-109.

QR Codes Advantages and Dangers

115